• Another "Cant Route LAN Traffic" post - My apologies

    16
    0 Votes
    16 Posts
    2k Views
    B
    Update: Finally I fixed all the outstanding issues. I had to correct some gateways for a few Esxi hosts, add some static routes to multi-NIC servers, adjust some workstation windows firewall rules, and now I can get to all of my LAN destinations. Thank you for your help with this! Also, after updating the OpenVPN client version on my Windows 10 box to 2.4 and adding the "block-outside-dns" parameter, I am getting local LAN DNS resolution instead of my ISP's. I was also able to get my Linux box connected to the VPN with DNS resolution working there also. Functionally this is all that I was looking for and it's working perfectly. Very stable. Ok that's it. Just wanted to say thanks for all of the invaluable knowledge on this board from the contributors in this thread and the many others that I read through as I worked through my issues.
  • OpenVPN hung

    7
    0 Votes
    7 Posts
    2k Views
    B
    I still have this problem as of today, with pfsense 2.3.2p1. When it happens, about once pr week, I normally log into pfsense by SSH and restarts webconfigurator and PHP-FPM then restarts the OpenVPN in the GUI. That I can live with. But the pain is that the branch office doesn't automatically reconnect to the OpenVPN-server but have to be rebooted every time this happens. I removed the OpenVPN and IPsec widgets but the probmels still occurs. Coffeup25, can you please advise on "dns leakage line added to some config files"? Which config files and which lines shall I look for? Or does somebody know another solution? I read somewhere that it might not be fixed as pfsense 2.4 will use another GUI-system and therefore it will be obsolete. So I presume the error/problem is still there in 2.3.3?
  • OpenVPN Routing Issue

    17
    0 Votes
    17 Posts
    3k Views
    DerelictD
    Yes. Upgrade.
  • OpenVPN clients put hostname in DNS Resolver?

    3
    0 Votes
    3 Posts
    2k Views
    M
    @kpa: Nothing ready to use afaik but OpenVPN has -client-connect and -client-disconnect scripts that are run when client connects/disconnects so it's possible to hack something in those to register/deregister entries to the DNS forwarder/resolver during connect/disconnect. Do note that there is no DHCP used on an OpenVPN connection when the usual settings (tun type tunnel network etc.) are used so the OpenVPN server never sees the hostname of the connecting client, it sees only the CN from the client certificate of the connecting client. In my case at least with any machines I care about reaching I've already set the CN to the same as the hostname (lacking any other ideas what to put) so maybe that will help. I assume this is a server-side script setting?  Is there any documentation on how to do this in pfSense? I'm quite familiar with both networking and bash/sh/csh scripting from work projects but I've never worked with VPNs before (from an administrator point of view, I've only used them as a "client" before) and I'm not sure how I'd properly "save" a script to pfSense.  I assume it has to go in a certain place to be saved thru upgrades/reinstall and then I'd have to reference it there in the openvpn advanced-configuration and somehow it would "find" what clients are connected to register them.
  • Configuring ovpn interface on vlan

    7
    0 Votes
    7 Posts
    1k Views
    S
    hi just tried it, works alright, thanks for your help whosmatt and kpa  :)
  • Client Export list empty when using intermediate CA

    4
    0 Votes
    4 Posts
    934 Views
    F
    Hum, it's ok with new pfSense 2.3.3 thanks
  • Howto opt out one address from OpenVPN? - Solved

    2
    0 Votes
    2 Posts
    526 Views
    J
    I got this working. I had way too many rules it seems, I followed a tutorial when I set things up that told me that for every rule I create on one interface like LAN I had to create the mirror on it's destination. I just disabled half my rules and everything is running fine. To opt out the one device I made one rule: Pass, Interface=Wireless, Source=Singlehost-192.168.25.45, Destination=any, Gateway=WAN No extra NAT rules or anything else and it works great
  • Help replacing client routes if they overlap server LAN

    1
    0 Votes
    1 Posts
    443 Views
    No one has replied
  • VPN setup with Wizard trying to push incorrect route

    5
    0 Votes
    5 Posts
    2k Views
    Z
    Thanks for the reply. After thinking about it, I too realized that this probably won't work. Oh well.  Much appreciated!
  • [Help] OpenVPN TAP Issue

    2
    0 Votes
    2 Posts
    624 Views
    S
    Did you setup the Bridge?
  • PIA OpenVPN with pfSense firewall - DNS Leaks

    1
    0 Votes
    1 Posts
    960 Views
    No one has replied
  • 0 Votes
    5 Posts
    2k Views
    V
    After looking for some openvpn configurations in /etc/ I possibly could apply from my existing installation, I was searching the forums until I found this thread OpenVPN config file? and realized the configs are stored in /var/etc/openvpn/ so from the webui via menu "diagnostics" - "edit file" its possible to edit your specific config. Looking at the openvpn logs it seems like it works same as it worked on my existing installation. I have to fully set up pfsense to test if the same configuration would work, but so far it looks good. Thanks
  • Configure OpenVPN on pfSense running in bridge mode?

    2
    0 Votes
    2 Posts
    1k Views
    V
    If you can't change your router to act as a (bridging) modem, at least you need to be able to add corresponding port-forwards for your openvpn server. Without a possibility to connect to the openvpn server from outside, it won't work. See OpenVPN Networking
  • 0 Votes
    3 Posts
    5k Views
    F
    @jimp: The new version of the export package includes OpenVPN 2.4 binaries. They will work fine with OpenVPN 2.3.x servers. The message in that description is warning you that if you have an OpenVPN 2.4 server, and the OpenVPN 2.4 server has features enabled that are only in OpenVPN 2.4, then an older OpenVPN 2.3.x client may not work against that server. Thanks for this explication It's ok Have a nice week-end,
  • Help getting OpenVPN session working..

    8
    0 Votes
    8 Posts
    963 Views
    WB3FFVW
    Anyone have any ideas??
  • Stop all traffic going over OpenVPN when 'default' gateway is selected

    2
    0 Votes
    2 Posts
    711 Views
    M
    To answer my own question, it was pulling routes from OpenVPN. I checked the "Don't pull routes: Bars the server from adding routes to the client's routing table" box and everything is working as desired! Routing before: Internet: Destination        Gateway            Flags      Netif Expire 0.0.0.0/1          10.69.0.5          UGS      ovpnc1 default            InternetIPGoesHere      UGS        em0 Routing after: Internet: Destination        Gateway            Flags      Netif Expire default            InternetIPGoesHere      UGS        em0 Special thanks to FPSRogerRamjet for the help!
  • Pfsense OpenVPN only in ESXi

    2
    0 Votes
    2 Posts
    1k Views
    V
    Yes, that will work with pfSense and also with only one interface. Do you plan a remote access server or a site-to-site? A site-to-site would be more comfortable for the remote users. In both cases you will have to add a static route for the remote site to the file server pointing to pfSense. If it's an access server for the tunnel subnet, if it's a site-to-site for the remote users LAN.
  • Running OpenVPN on LAN interface.

    13
    0 Votes
    13 Posts
    2k Views
    J
    Yup - i think that fixed it.  I switched from "All" to multi selected.  All seems to be working now! Huge thanks for your help, truly appreciated!
  • OpenVPN clients can't access outside /24 range of pfSense's IP address

    2
    0 Votes
    2 Posts
    628 Views
    jimpJ
    How do you connect to those other /24 ranges? Is there some other router involved? In all likelihood the traffic leaves pfSense heading toward those other subnets but can't find its way back.
  • NGINX Gateway Timeout after setting up OpenVPN + FreeRADIUS2 + mOTP

    3
    0 Votes
    3 Posts
    854 Views
    Z
    Can this be fixed on the next stable release?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.